Re: cmsutil -R generating orphan key

2008-08-26 Thread Julien R Pierre - Sun Microsystems
Nelson, Nelson B Bolyard wrote: > Momcilo Majic wrote, On 2008-08-25 23:40: > >> Hi you were correct, the trust was designated as Pu,Pu,Pu. Still >> >> - NSS is 3.12 built on Windows XP, VS2003 + MozillaBuild > > OK, in that case, it sounds like a definite bug. Note that he patched ecl-curve.h

Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Kyle Hamilton: > > Eddy: Can the root CA operator itself be the auditor of the sub-CAs, > and bring its auditing documentation to its own auditor? That's not > clear from the language you used; I'm assuming that sub-CAs cannot > audit themselves (but could perhaps audit sub-sub-CAs), but since it'

Re: cmsutil -R generating orphan key

2008-08-26 Thread Kyle Hamilton
Removing #error from the NSS_ECC_MORE_THAN_SUITE_B results in a broken ECC build, according to another thread. -Kyle H On Mon, Aug 25, 2008 at 11:40 PM, Momcilo Majic <[EMAIL PROTECTED]> wrote: > Hi, > > Hi you were correct, the trust was designated as Pu,Pu,Pu. Still > > - NSS is 3.12 built on W

Re: GlobalSign SubCA-audits

2008-08-26 Thread Kyle Hamilton
On Tue, Aug 26, 2008 at 3:24 AM, Thorsten Becker <[EMAIL PROTECTED]> wrote: > In Bug #378882 Eddy Nigg directed me here because of a SubCA audit > question: He states that root CAs in mozilla NSS must "Not circumvent > the audit requirement set forth by the Mozilla CA policy. > This means that the

Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Thorsten Becker: > > Can we say that it is necessary (but not sufficient) to get included if > you have "independent" sub-CAs that they are linked logically and > legally to your root in a "sufficient" manner? Entities that are > physically external seem to be quite common (Enterprise CAs) > "Qui

Re: cmsutil -R generating orphan key

2008-08-26 Thread Nelson B Bolyard
Momcilo Majic wrote, On 2008-08-25 23:40: > Hi you were correct, the trust was designated as Pu,Pu,Pu. Still > > - NSS is 3.12 built on Windows XP, VS2003 + MozillaBuild OK, in that case, it sounds like a definite bug. If you could supply your cert and key DB files, I'd debug it. I gather that

Re: GlobalSign SubCA-audits

2008-08-26 Thread Thorsten Becker
Eddy, thanks for your elaborate answer. I have only a few questions (I'm still learning... ;-) ) Eddy Nigg wrote: > > Let me add a few things here in order to make it clear what I meant: > > The Mozilla CA policy requires auditing of the CA and its > infrastructure. In the past there were v

Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Thorsten Becker: > In Bug #378882 Eddy Nigg directed me here because of a SubCA audit > question: He states that root CAs in mozilla NSS must "Not circumvent > the audit requirement set forth by the Mozilla CA policy. > This means that the CAs which belong to this PKI and are under this root > MUST

Re: automatically installing new client SSL certificate into Firefox

2008-08-26 Thread Anders Rundgren
http://demo.webpki.org/mozkeygen The 230 line on-line CA service is as follows: import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.secu

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-26 Thread Eddy Nigg
Gervase Markham: > Eddy Nigg wrote: >> Well yes, EV shouldn't mix with DV... > > Right! So, after all that arguing, you actually agree with me? > Maybe I misunderstood your position, but if this is what you think as well, then yes! In relation to that, there have been some discussions about not i

GlobalSign SubCA-audits

2008-08-26 Thread Thorsten Becker
In Bug #378882 Eddy Nigg directed me here because of a SubCA audit question: He states that root CAs in mozilla NSS must "Not circumvent the audit requirement set forth by the Mozilla CA policy. This means that the CAs which belong to this PKI and are under this root MUST be part of the audit. C

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-26 Thread Gervase Markham
Eddy Nigg wrote: > Well yes, EV shouldn't mix with DV... Right! So, after all that arguing, you actually agree with me? Gerv ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Dan Kaminsky's DNS talk discusses SSL

2008-08-26 Thread Gervase Markham
Kyle Hamilton wrote: > My view: > > Anything that comes from an EV-validated site should be viewed as > being approved by that EV-validated site. Right. So shouldn't we be concerned if it's possible, by subverting DNS, to make this not true for EV+DV mixed sites? > The details of the contracts